没有配置身份验证处理程序来处理该方案

Question

This is a very annoying problem, I'm setting up cookies authentication on my asp.net core project and sometimes this error occurs and sometimes it doesn't!

There is no pattern! It just starts throwing the error and suddenly it stops, then start again...

The exception is:

InvalidOperationException: No authentication handler is configured to handle the scheme: MyAuthScheme

This is really really annoying! Here is my Startup.cs

public class Startup
{
    public const string AuthenticationSchemeName = "MyAuthScheme";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IHttpContextAccessor httpContextAccessor)
    {
        loggerFactory.AddConsole();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = AuthenticationSchemeName,
            LoginPath = new PathString("/login"),
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            SlidingExpiration = true,
        });

        app.UseStaticFiles();
        app.UseMvc();
    }
}

And this is my authentication code:

await HttpContext.Authentication.SignInAsync(Startup.AuthenticationSchemeName, new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookie")));

any help on this?

Answer 1

I had the same problem. Bruno's solution did work, but the main issue for me was that had UseMVC before UseIdentity, so:

//Identity must be placed before UseMVC()
app.UseIdentity();
app.UseMvc();

Answer 2

I was facing this same issue and by digging into the source code, I discovered that for some reason, sometimes the IHttpAuthenticationFeature.Handler doesn't get set, and that's the reason why this error occurs. This is indeed very annoying and I fixed this issue by doing the following:

Expose your CookieAuthenticationOptions . I did this inside my Startup class:

public static readonly CookieAuthenticationOptions cookieAuthenticationOptions = new CookieAuthenticationOptions
{
    //... your settings here
};

Then in your Configure() , it becomes:

app.UseCookieAuthentication(cookieAuthenticationOptions);

Then right before calling SignInAsync , you do:

if (HttpContext.Features.Get<IHttpAuthenticationFeature>()?.Handler == null)
{
    var handler = (AuthenticationHandler<CookieAuthenticationOptions>)Activator.CreateInstance(cookieAuthenticationHandlerType);
    await handler.InitializeAsync(Startup.cookieAuthenticationOptions, HttpContext, logger, UrlEncoder.Default);

    var feature = HttpContext.Features.Get<IHttpAuthenticationFeature>() ?? new HttpAuthenticationFeature();
    feature.Handler = handler;

    HttpContext.Features.Set(feature);
}

You also need:

private static readonly Type cookieAuthenticationHandlerType = typeof(CookieAuthenticationMiddleware).Assembly.GetType("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler");

And inject these 2 dependencies in your constructor like:

public LoginController(IHttpContextAccessor httpContextAccessor, ILoggerFactory loggerFactory)
{
    this.HttpContext = httpContextAccessor.HttpContext;
    this.logger = loggerFactory.CreateLogger(this.GetType());
}

Ps: I don't know if this is a bug or what... but I hope it gets fixed in the next release.

Answer 3

I also ran into a similar issue using IdentityServer4 I needed to explicity add a signin-schema named the same as the variable or constant it was requesting.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    //Replace the Authentication Scheme with MyAuthScheme
    AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
    AutomaticAuthenticate = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(60)
});